Reset ESXi root account w/ PowerCLI

This method of resetting the root password does not require you to know the existing password and is a lot easier that setting up a host profile to change the passwords.

Original script source & writer – the best script is one someone else already wrote 🙂

# First, setup $vmhosts. You can do this many ways.$vmhosts = Get-Cluster -Name ClusterWithUnknownPassword | Get-VMHost
# Just so it contains one or more VMHost objects.
# To reset all ESXi host passwords use
# $vmhosts = Get-VMHost
# $vmhosts = Get-Cluster -Name "Cluster Name" | Get-VMHost

# Since this only works on ESXi 6 and up I used this option to skip the 5.5 hosts that will error out. -AD
$vmhosts = get-vmhost |Where-Object {$_.Version -eq '6.0.0'}

# This will prompt for the new root password -AD
$NewCredential = Get-Credential -UserName "root" -Message "Enter an existing ESXi username (not vCenter), and what you want their password to be reset to."
Foreach ($vmhost in $vmhosts) {
    $esxcli = get-esxcli -vmhost $vmhost -v2 #Gain access to ESXCLI on the host.
    $esxcliargs = $esxcli.system.account.set.CreateArgs() #Get Parameter list (Arguments)
    $ = $NewCredential.UserName #Specify the user to reset
    $esxcliargs.password = $NewCredential.GetNetworkCredential().Password #Specify the new password
    $esxcliargs.passwordconfirmation = $NewCredential.GetNetworkCredential().Password
    Write-Host ("Resetting password for: " + $vmhost) #Debug line so admin can see what's happening.
    $esxcli.system.account.set.Invoke($esxcliargs) #Run command, if returns "true" it was successful.

VCSA Upgrade: Failed to authenticate with the guest operating system using the supplied credentials.

Problem: During an upgrade from VCSA 6.5 to 6.7, the following error was observed in the install log and prevented stage one of the upgrade from starting.

  • error: sourcePrecheck: error in getting source Info: ServerFaultCode: Failed to authenticate with the guest operating system using the supplied credentials.

The root password entered into the wizard worked for logging into the appliance via the web interface (https://vcsa-ip:5480/) as well as via SSH.

Attempting to change the password or disable password expiration via the web interface did not work.

Solution: I was able to reset the password via SSH using the follow commands. Once done the wizard accepted the password and was able to complete stage 1 of the upgrade.